A traditional transaction between a consumer and a merchant involves two parties. Each party can view the other and verify one another's credibility. However, in electronic commerce the transaction becomes more complex. The merchant is now represented by a complex and multi-component system comprising such parts as databases, web pages, credit card processing, and authentication schemes. The consumer is now an end-user interacting not with the merchant, but with his computing device.
Since the merchant in an e-commerce scenario interacts only with a computing device of the end-user and does not have “face to face” contact with the end-user, all end-user verification by the merchant must take place via the computing device of the end-user. Hence, the most the merchant can do regarding security of an online transaction is to use digital security mechanisms such as Secure Socket Layer (SSL) to establish security and build a trust relationship with the computing device.
However, such digital security mechanisms do not establish any trust relationship between the merchant and the customer. A prior art solution to this problem is to rely on a customer account login process. In this manner, the particular knowledge (i.e., password) that the customer has, establishes his identity with the merchant. However, passwords can be stolen and illegitimate transactions might be processed.
Often, it is difficult in mobile and handheld devices, such as those used in M-commerce scenarios (i.e. commerce using a mobile device), to provide a login process, because these devices lack the traditional human-computer interface such as a full keyboard. Hence, M-commerce systems often switch to a different prior art solution to verify the identity of the end-user. This solution is to presume that there is a security binding between the customer and his purchasing device. The purchasing device has specific data associated with it that can be recognized and verified by an M-Commerce system. For example, when a cellular phone is used, a particular set of information is transmitted identifying the cellular phone, and any transaction coming from the purchasing device is accepted as originating from the owner of the device.
This model also has drawbacks. Mobile devices are becoming more and more sophisticated and include a variety of features and, often, multiple communication channels. If one of these communication channels is hijacked, the communication can be intercepted or duplicated to produce an illegitimate transaction. Still further, multi-mode devices have multiple communication interfaces. For example, one particularly popular example is an IEEE 802.11 (Wi-Fi) and cellular dual-mode phone. The architectural designs of these multi-mode mobile devices often do not separate applications for different connections; the intention is to support “seamlessness” while the device switches communication technologies. It now becomes possible for an attacker to hijack an application running on a mobile device via, for example, the Wi-Fi interface. The attacker can now launch purchasing requests from the same application using M-commerce channels and take advantage of the trust between the merchant and the computing device of the end-user. From the M-commerce merchant perspective, such transactions appear legitimate because the transaction comes from the recognized device.
Since there is no “face to face” contact between a merchant and a consumer in electronic commerce, a weak point exists. Hijackers of computer systems and electronic commerce can take advantage of this weak point to carry out fraudulent transactions.
The prior art solutions of recognizing a device, or having the end-user, the consumer, enter a password, have limitations. Thus, an improved method of verifying that a transaction is legitimate is needed.